The current state of security -- Insights from the German software industry
- URL: http://arxiv.org/abs/2402.08436v3
- Date: Wed, 27 Mar 2024 21:13:09 GMT
- Title: The current state of security -- Insights from the German software industry
- Authors: Timo Langstrof, Alex R. Sabau,
- Abstract summary: This paper outlines the main ideas of secure software development that have been discussed in the literature.
A dataset on implementation in practice is gathered through a qualitative interview research involving 20 companies.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: These days, software development and security go hand in hand. Numerous techniques and strategies are discussed in the literature that can be applied to guarantee the incorporation of security into the software development process. In this paper the main ideas of secure software development that have been discussed in the literature are outlined. Next, a dataset on implementation in practice is gathered through a qualitative interview research involving 20 companies. Trends and correlations in this dataset are found and contrasted with theoretical ideas from the literature. The results show that the organizations that were polled are placing an increasing focus on security. Although the techniques covered in the literature are being used in the real world, they are frequently not fully integrated into formal, standardized processes. The insights gained from our research lay the groundwork for future research, which can delve deeper into specific elements of these methods to enhance our understanding of their application in real-world scenarios.
Related papers
- Security of Language Models for Code: A Systematic Literature Review [22.046891149121812]
Language models for code (CodeLMs) have emerged as powerful tools for code-related tasks.
CodeLMs are susceptible to security vulnerabilities, drawing increasing research attention from domains such as software engineering, artificial intelligence, and cybersecurity.
arXiv Detail & Related papers (2024-10-21T04:27:41Z) - Security Challenges of Complex Space Applications: An Empirical Study [0.0]
I investigate the security challenges of the development and management of complex space applications.
I discuss the four most critical security challenges identified by the interviewed experts: verification of software artifacts, verification of the deployed application, single point of security failure, and data tampering by trusted stakeholders.
I propose future research of new DevSecOps strategies, practices, and tools which would enable better methods of software integrity verification in the space and defense industries.
arXiv Detail & Related papers (2024-08-15T10:02:46Z) - CodeLMSec Benchmark: Systematically Evaluating and Finding Security
Vulnerabilities in Black-Box Code Language Models [58.27254444280376]
Large language models (LLMs) for automatic code generation have achieved breakthroughs in several programming tasks.
Training data for these models is usually collected from the Internet (e.g., from open-source repositories) and is likely to contain faults and security vulnerabilities.
This unsanitized training data can cause the language models to learn these vulnerabilities and propagate them during the code generation procedure.
arXiv Detail & Related papers (2023-02-08T11:54:07Z) - Evaluating Model-free Reinforcement Learning toward Safety-critical
Tasks [70.76757529955577]
This paper revisits prior work in this scope from the perspective of state-wise safe RL.
We propose Unrolling Safety Layer (USL), a joint method that combines safety optimization and safety projection.
To facilitate further research in this area, we reproduce related algorithms in a unified pipeline and incorporate them into SafeRL-Kit.
arXiv Detail & Related papers (2022-12-12T06:30:17Z) - Semantic Similarity-Based Clustering of Findings From Security Testing
Tools [1.6058099298620423]
In particular, it is common practice to use automated security testing tools that generate reports after inspecting a software artifact from multiple perspectives.
To identify these duplicate findings manually, a security expert has to invest resources like time, effort, and knowledge.
In this study, we investigated the potential of applying Natural Language Processing for clustering semantically similar security findings.
arXiv Detail & Related papers (2022-11-20T19:03:19Z) - Security and Safety Aspects of AI in Industry Applications [0.0]
We summarise issues in the domains of safety and security in machine learning that will affect industry sectors in the next five to ten years.
Reports of underlying problems in both safety and security related domains, for instance adversarial attacks have unsettled early adopters.
The problem for real-world applicability lies in being able to assess the risk of applying these technologies.
arXiv Detail & Related papers (2022-07-16T16:41:00Z) - Deep Learning Schema-based Event Extraction: Literature Review and
Current Trends [60.29289298349322]
Event extraction technology based on deep learning has become a research hotspot.
This paper fills the gap by reviewing the state-of-the-art approaches, focusing on deep learning-based models.
arXiv Detail & Related papers (2021-07-05T16:32:45Z) - Benchmarks for Deep Off-Policy Evaluation [152.28569758144022]
We present a collection of policies that can be used for benchmarking off-policy evaluation.
The goal of our benchmark is to provide a standardized measure of progress that is motivated from a set of principles.
We provide open-source access to our data and code to foster future research in this area.
arXiv Detail & Related papers (2021-03-30T18:09:33Z) - A Survey of Deep Learning Approaches for OCR and Document Understanding [68.65995739708525]
We review different techniques for document understanding for documents written in English.
We consolidate methodologies present in literature to act as a jumping-off point for researchers exploring this area.
arXiv Detail & Related papers (2020-11-27T03:05:59Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Cyber Security Behaviour In Organisations [0.0]
This review explores the academic and policy literature in the context of everyday cyber security in organisations.
It identifies four behavioural sets that influences how people practice cyber security.
These are compliance with security policy, intergroup coordination and communication, phishing/email behaviour, and password behaviour.
arXiv Detail & Related papers (2020-04-24T14:17:46Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.